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Abstract 

We describe an algorithm for the factorization of non-commutative 
polynomials over a field. The first sketch of this algorithm appeared in an 
unpublished manuscript (literally hand written notes) by James H. Dav- 
enport more than 20 years ago. This version of the algorithm contains 
some improvements with respect to the original sketch. An improved ver- 
sion of the algorithm has been fully implemented in the Axiom computer 
algebra system. 

1 Introduction 

We describe an algorithm for the factorization of non-commutative polynomials 
over a field, the first version of which was described but never published by 
James H. Davenport more than 20 years ago. He wrote these notes |Dav| on the 
occasion of a visit to Pisa for a series of lectures and later forgot them. These 
(hand-written) notes have been kept by Teo Mora (Univ. of Genoa) who passed 
them to Carlo Traverso (Univ. of Pisa) who passed them to me. 

The main ideas of the original algorithm and an application to cryptanalysis 
have been treated in |CCT08j , where we have shown how to construct an attack 
on the non-commutative Polly- Crackers FK94 proposed in |Rai04] . 

We are considering a free if-algebra over a field K for which effective poly- 
nomial system solving is possible. We do not treat the cases where some al- 
gebraic relations on the elements are imposed, such as for example the case of 
linear differential operators ([Bro94 , vdPS03 ). The problem of factorizing a 
non-commutative polynomial in this setting is clearly solvable by a brute-force 
approach. Our algorithm if applied to univariate polynomials coincides with the 
brute-force approach, but it performs much better in the multivariate case. 

We give the full details of the algorithm, two improvements of the original 
algorithm and we present its complete implementation in the Axiom computer 
algebra system. The implementation will be submitted to the Axiom maintainers 
for inclusion in the next version of the system. 

In order to simplify the description we will only consider the problem of 
factorizing a polynomial in two factors of given total degrees. 
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2 The Homogeneous Case 



The homogeneous case is a very special case. The algorithm is simple and its 
correctness is self-evident: we construct the two factors of a given polynomial 
F by selecting a monomial m — mim2 and taking the sum of the monomials 
left-divisible by mi and those right-divisible by m-i- 



Algorithm 1 Homogeneous Non-Commutative Factorization 
Require: A homogeneous polynomial F of degree n; 

the desired degrees h and k for the factorization 
Ensure: Either a negative answer or the two factors G and H of desired degree 

1: "Select" any monomial in F and factor it in two parts G of degree h and H 

of degree k. 
2: for all monomials M in F do 
3: if G left-divides M then 

4: H := H + R, with R the left-quotient of M by G 
5: end if 

6: if H right-divides M then 

7: G := G + L, with L the right-quotient of M by H 

8: end if 

9: end for 
10: if F=G H then 
11: Return G and H 
12: else 

13: Return "Irreducible" 
14: end if 



Remark 1. The correctness of Algorithm^ implies that for given degrees there 
is a unique factorization. One can prove more: the factorization is essentially 
unique, i.e. if a polynomial F is factored as F = G\H\ = G2H2 with degGi = 
i < j = deg G2 then the two factorizations must have a common refinement: 
F = G X JB2- 

This is proved as follows: we can always assume 

G\ = x\ ■ ■ -Xi + Rx, G2 — x\ ■ ■ ■ Xj + i?2- (1) 

after dividing by a suitable element of the field. 

We can now consider the polynomial Jq given by the sum of the elements in 

{monomial m in G2 left- divisible by X\ ■ ■ ■ Xi, 
i.e. of the form cx\ ■ ■ ■ xiy\ ■ ■ ■ yj-i}. 
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We have that the set of monomials m in F that are left- divisible by X\ ■ ■ ■ Xi 
can be obtained as J0H2 as well as x\ ■ ■ -XiFL\. 

Therefore we can take the polynomial J given by the sum of the elements in 

{left- quotient of an element of J by x\ ■ ■ ■ Xi, 
i.e. a monomial of the form cyi ■ • ■ yj-%} 

from which follows 

x\ ■ ■ ■ XiHi = X\ ■ ■ ■ XiJH2 (4) 
that implies H\ — JH2 and G2 = G\J . 



3 The General Case 

The general case is more complicated because the factorization is not unique 
anymore even if we fix the degrees of the factors (see Subsection 13 . 31 for a simple 
example) . 

3.1 Exponential Growth of the Number of Factorizations 

Teo Mora (Univ. of Genoa) has noticed that for any univariate polynomial 
f(t) that is factored as f%(t) ■ ■ ■ fk(t) (with all distinct factors), if we consider 
f(XY) we have the following non-commutative factorizations for the polynomial 
Yf(XY): 

Yf(XY)=Yf 1 (XY)---f k (XY) = 
h{YX)Y---f k {XY) = h{XY).--Yf k {XY). 

In such a way Teo Mora proves an exponential lower-bound on the number 
of factorizations with respect to the degree. However if we homogenize an 
inhomogeneous polynomial we are left with just one possible factorization. This 
is explained by the fact that there are different ways to homogenize. 

Example 1. Clearly x 2 — 1 is factored as (x—l)(x+l) but it can be homogenized 
as x 2 — y 2 , which is irreducible, or as x 2 — xy + xy — y 2 , which is factored as 
(x — y) (x + y) , which corresponds to the factorization (x — l)(x+ 1). 

Remark 2. The finiteness of the factorization is still unproved. A formal proof 
could be achieved by proving the 0- dimensionality of the system produced by the 
algorithm. 
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3.2 The General Algorithm 



Let us consider the problem of factorizing F of degree n as F = GH, with G 
of degree h and H of degree k. The main idea of the algorithm is to use the 
relations between the homogeneous parts F n _j (of degree n — j) of F and the 
homogeneous parts Gh-j (of degree h — j) of G, Hk-j (of degree h — j) of H: 

F n = GhHk 
F n -i = GhHk-i + Gh-iHk 
F n -2 — Gh-iHk-i = GhHk-2 + Gu-2Hk (6) 
F n -3 — Gh-iHk-2 — G^_2-fffc-i = GhHk-3 + Gh-3Hk 



It is possible to determine Gh-j and H^-j in the right hand side by "inspec- 
tion" of the left hand side (similarly to the homogeneous case, by searching 
for monomials that have certain "substrings"). The main difference from the 
homogeneous case is that we must take into account possible cancellations of 
terms in the right-hand side, which corresponds to possible partial overlaps of 
monomials in Gu and Hk- For each possible cancellation between GhFtk-j and 
Gh-jFtk we introduce new "symbols", i.e. an extension of our ground held. The 
subsequent relations will determine algebraic relations on the new elements of 
the held that will produce a system of polynomial equation, which we can solve 
by a Grobner basis computation. 

Remark 3. The description of the possible values of the new symbols is in 
general provided by a system of polynomial equations on the new symbols. Our 
implementations allows to choose whether the system should be normalized in 
the form of the reduced lexicographic Grobner basis. 

3.3 One Interesting Simple Example 

Let us consider K = ¥ p , with p > 2 and F := yxyxy — y. We can use our 
algorithm to factorize F in two factors of degree 2 and 3. 

Our procedure for this example could be summarized as follows 

1. The head F n of F is just the monomial yxyxy which is factored in G 2 := yx 
and H 3 := yxy. 

2. From F 4 = = yxH 2 + Giyxy we get H 2 = G± = 0; 

3. From F% — G1H2 = = yxH\ + Goyxy we detect a possible cancellation 
in the right hand side, which forces us to introduce a new symbol a as 
possible coefficient, which implies Hi := ay, G = —a; 

4. From F 2 - G\H\ - G H 2 = = yxH we get H = 0; 

5. By using the relation F = yxyxy - y = (Ei=o Gi)(Ej=o H i) = (v x ~ 
a) (yxy + ay) we get a 2 — 1 we gives the two different solutions to the 
factorization (yx ± l)(yxy =F J/)- 
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Algorithm 2 Non-Commutative Factorization 
Require: A polynomial F of degree n; 

the desired degrees h and k for the factorization 
Ensure: The list of possible factorization of F in Gh and Hk in two parts of 

degree h and k 

1: Use Algorithm [T] to factorize the homogeneous part of F of highest degree 
in G h and H k 

2: "Select" monomials G — x\ . . . Xh of Gh, and H = y\ . . .y/. of Hk 
3: F n _j := F n -j for all j = 1 . . . n. 
4: for j in 1 ... n do 

5: F n —j . F n —j Z^/i=l Gh—iFtk—j + i 

6: if the last j variables Xh-j+i ■ . ■ Xh of G are equal to the first j variables 
yi . . . yj of H then 

7: Consider the coefficient c of X\ . . . Xh-jUj+i ■ ■ - Vk in Fn—j 

8: F n -j := F„_j - cxi . . . Xh-jVj+x ■■■Vk 

9: = K(a) for a new symbol a 

10: G/j-j := G/j-j + axi . . . Xh-jyj+i ...yk 
11: H k - 3 := H k -j + (c - a)xi . . . Xh-jVj+i ■■■Vk 
12: end if 

13: for all monomials M in F n _j do 
14: if G left-divides M then 

15: Hh-j '■= Hh-j + dR, with i? the left-quotient of M by G 

16: end if 

17: if if right-divides M then 

18: Gfc-j := Gk-j + dL, with L the right-quotient of M by H 

19: end if 
20: end for 
21: end for 

22: Consider G := J2i=o G h and H := J2i = o H i 

23: Find the possible values of the new symbols such that F = GH 

24: Return G, H and a description of all possible values of the new symbols 
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4 Improvements 



The main problem of non-commutative factorization is the exponential number 
of cases to be considered. Our improvements reduce the number of possible 
cases to be considered by 

1. reducing the number of algebraic extensions; 

2. reducing the number of possible factorizations in two factors. 

4.1 Reducing the Extensions 

It is possible to avoid the introduction of extensions in the coefficient field by 
carefully choosing G and H in Algorithm^ In particular we must choose them 
in a way that reduces the number of overlaps between them, since for each 
overlap between the last part of G and the first of H of length j we are forced 
to consider a possible cancellation which produces a new extension. 

4.2 Commutative Images 

It is possible to immediately detect some impossible factorization by consid- 
ering the commutative version of the given polynomial and its commutative 
factors. If the commutative polynomial has the same degree as the original 
one, then the commutative factors are in general a refinement of the possible 
non-commutative factorization and therefore we can greatly limit the number 
of cases to be considered. A very simplified version of this idea could be used as 
follows: if the commutative version of a given polynomial F can be factored in 
irreducible factors of degree ai , . . . , oj,, then we need only consider as possible 
non-commutative factors those of degrees b\ and 62 where b\ is a solution of the 
binary knapsack problem for the and 62 = deg F — b\ (i.e. b\ is a sum of 
some a,). 

This simple approach can be extended to the other cases expect when the 
commutative image is 0, by considering the commutative homogeneous parts of 
the original polynomial and use them to reduce the cases. Another improvement 
may come from considering other quotients of the algebra. 

5 The Axiom Implementation 

We have implemented Algorithm [5] and its improvements in the Axiom computer 
algebra system. The choice of the Axiom computer algebra system is due to the 
flexibility of this system and to the fact that Axiom already provides constructors 
for non-commutative algebraic structures. In particular MonoidRing provides 
a constructor for polynomials over any monoid and any coefficient ring, and 
FreeMonoid provides one for free monoids, which is exactly what is needed in 
our case. 
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This package is going to be part of standard Axiom but before this happens you 
will need to load the code by typing 

) r daven . input 

The main command is NCFactor which is used as follows 
NCFactor (y*x*y*x*y-y*x*y) ; 

which outputs the list of its factorizations for all possible degrees. 



6 Future Work 

We plan to fully integrate the non-commutative factorization in the next version 
of the Axiom computer algebra system. There are two open questions we will 
be working on: a formal proof (see Remark [5]) of the finiteness of factorizations 
and the question whether other quotients of the algebra can be used. 
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